Researcher: CvIr.System
Reference:
BUGTRAQ:20061013 CMS contenido Remote File Inclusion
http://www.securityfocus.com/archive/1/archive/1/448549/100/0/threaded

I was investigating whether this was a rediscovery of CVE-2005-4132,
but CVE-2005-4132 comes from a vague vendor disclosure that doesn't
have any vector information. So after a couple minutes'
investigation, I wasn't sure if this was really new or not.

Downloading the code from:

  http://www.contenido.org/opensourcecms/en/index-a-104.html

I got Stable Version 4.6.15.

It looks like config.php sets $contenido_path to a static value:

  $contenido_path = "../contenido/";

and config.php is included before the claimed-vulnerable code:

from cms/dbfs.php:

  include_once ("config.php");
  include_once ($contenido_path . "includes/startup.php");

from cms/front_content.php:

  include_once ("config.php");
  # Contenido startup process
  include_once ($contenido_path."includes/startup.php");

No other code in the cms/ directory has an include that uses
$contenido_path.

So, this looks like an incorrect report.

- Steve
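
The triage check described in the post above, as an added example in Python (not part of the original message and not Contenido code): it walks a PHP file top to bottom, follows includes of fixed paths in order, and reports whether each variable used in an include path was given a string literal before that point. The regexes, the flat file layout standing in for the cms/ directory, and the `unsafe_demo.php` entry are assumptions made for illustration; the matching is line-based and does not model conditionals or functions.

```python
import re

# Constructed sample tree for cms/: only the lines quoted in the post above.
SAMPLE = {
    "config.php": '$contenido_path = "../contenido/";\n',
    "dbfs.php": 'include_once ("config.php");\n'
                'include_once ($contenido_path . "includes/startup.php");\n',
    "front_content.php": 'include_once ("config.php");\n'
                         '# Contenido startup process\n'
                         'include_once ($contenido_path."includes/startup.php");\n',
    # Hypothetical file, not from Contenido: variable used with no prior assignment.
    "unsafe_demo.php": 'include_once ($contenido_path . "includes/startup.php");\n',
}

INCLUDE = re.compile(r'^\s*(?:include|require)(?:_once)?\s*\(?\s*(.+?)\s*\)?\s*;')
ASSIGN = re.compile(r'^\s*\$(\w+)\s*=\s*(["\'])([^"\'$]*)\2\s*;')
LITERAL = re.compile(r'^(["\'])([^"\'$]+)\1$')
VAR = re.compile(r'\$(\w+)')

def walk(tree, name, assigned, findings, seen):
    """Process one file in statement order, following fixed-path includes."""
    if name in seen or name not in tree:   # 'seen' mimics include_once
        return
    seen.add(name)
    for lineno, line in enumerate(tree[name].splitlines(), 1):
        a = ASSIGN.match(line)
        if a:                              # $var = "literal";
            assigned[a.group(1)] = a.group(3)
            continue
        inc = INCLUDE.match(line)
        if not inc:
            continue
        lit = LITERAL.match(inc.group(1))
        if lit:                            # include of a fixed path: follow it
            walk(tree, lit.group(2), assigned, findings, seen)
            continue
        for var in VAR.findall(inc.group(1)):
            status = "static" if var in assigned else "unassigned"
            findings.append((name, lineno, var, status))

def triage(tree, entry):
    """Return (file, line, variable, status) for each variable-based include."""
    findings = []
    walk(tree, entry, {}, findings, set())
    return findings

if __name__ == "__main__":
    for entry in ("dbfs.php", "front_content.php", "unsafe_demo.php"):
        print(entry, triage(SAMPLE, entry))
```

A "static" result matches the conclusion reached in the post for both quoted files; an "unassigned" result only marks an include for manual review.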